Recently EC-Council held a webinar for certain attendees to discuss what's happened in 2010 and what's projected for 2011. I've been told I can share this information so here are a few highlights...

- EC-Council has passed SANS/GIAC in the number of certified professionals worldwide (I wasn't given specific permission to share numbers and since EC-Council doesn't share these, neither will I here).

- Within a year of launching their academic course books they have formed 200 international partnerships

- Hacker Halted (US) saw a 116% increase in course attendees and will be back in Miami (October) for 2011.

- I don't have the date but they will be launching CAST - Center for Advanced Security Training - courses this year. These will be advanced technical trainings in areas where they have certifications (CEH,ECSA/LPT,CHFI) and some others. The instructors for these courses MUST be practitioners in the field and meet other requirements. There are no plans to have certifications for these courses at this time, they will be advanced technical trainings only.

- Takedown Con will be launched in May in Dallas, Texas. Unlike Hacker Halted, this conference will be much more technical in its discussions. They plan to roll this out to other areas as well (www.takedowncon.com).

- EC-Council donated $1M to the UN last year to have distributed as needed for training. This year another $1M is being donated to academia.

- A new tool helping in lab setup for classes has been developed called iLabs. This is a virtual hosted system by EC-Council that allows instructors to quickly get classrooms ready. Students will each have access to a handful of systems. All licensing is being handled by EC-Council and will no longer be a responsibility of the training center.

- Along with iLabs will come a client/server app called Frankenstein. The utility looks similar to an FTP client. It allows students to connect to EC-Council and download updated tools. If a tool is installed and an updated version is available Frankenstein will prompt you to install the newer version.

- And, of course, there's CEH v7. This is going to include completely rebuilt courseware. To start, all of those boring looking slides have been removed. You will no longer see pages with slides with a box of text and a heading with more text below the slide. The text has been removed. The slides are now very graphical (example attached) - and they look good (and I hear they're trying to get the courseware in color rather than black/white). What about the tools? Yes, tools are still included but the courseware will only be discussing the top tools in each category. You won't have slide after slide of tools you'll never use. They'll still be included on the discs for self-study. The exam will be updated and, again this is speculation, I believe the objectives will be updated as well. They have spent more money producing this CEH version than any version in the past and they are taking it very seriously. Why do I believe the objectives will be updated? I sat in as a CEH SME during Hacker Halted with a representative from Prometric and other security professionals. We were tasked with developing question topics/categories - and new questions are being written from these so I can only guess that these will be the new objectives. You should not be seeing weird questions or questions that come from portions of the courseware not in the objectives.

What else could make CEH v7 great? How about getting a free seat in the initial roll-out? On March 14, 25 training centers worldwide will be conducting the first CEH v7 courses. EC-Council will be giving away 125 seats for these classes. Attendees will also receive a commemorative limited edition, metal, certificate of attendance. Global roll-out will be the following week, March 21.

First and foremost Bill, Thank you for sharing the update info with us.

Secondly, it seems like v7 will be a marked improvement over v6, I would be interested in seeing the changes, though I hope to knock out v6 before March so I can focus on SANS moving into the later part of the year.

You know, I'm not too sure on the details of the free seats. The topic was mentioned but he didn't go into details about getting a seat. They did say that they will very much be marketing this launch so I'm sure information will be posted on their website soon. I'll see if I can get any details on it though.

I'm pretty excited about this. It seems like they've really got this one together. They mentioned they want this to be like the "encyclopedia" for ethical hacking - that they've included everything possible in the courseware for reference but obviously only the important parts will be covered on the exam.

I also forgot to mention that each module will have a "flow" to it and cover similar subjects for each part. They're also including a 'pentest methodology' section to each module explaining in detail the steps to go through when doing a pentest.

I've avoided CEH in the past based on poor feedback from colleagues, but I may have to look into it again after they implement these changes. It's always been on my radar because so many jobs ask for it, but I've always made excuses to postpone because I didn't feel like memorizing the names of every tool on the planet for the exam. Sounds good. Thanks for the info BillV!

I'm kinda' in the same boat as tturner. I've avoided the CEH because of some of the things I've heard from people who've taken the courses, but I recognize the value from an HR perspective. If the class is as much improved as you have described it to be, I would be interested in taking the class.

Since I will be starting a pentest position in the next couple of weeks, I'd be interested in learning more about the free seats when you get the info, BillV.

I can't wait to see what's new in the CEHv7 exam (I mean which new topics).

Also, if the course will now focus on one or to tools per category, I wonder if the exam will be the same. I found the CEH exam difficult to study because while it is good that they keep it up to date, the materials can't follow (outside courses).

Looking at the v7 slide compared to the Version 5 & 6 I've seen, it does look like they have done a much better job. I've always been a guy who hasn't been too much of a fan of the CEH - After reading your post though BillV and seeing the slide, I won't lie v7 looks a lot better. Tturner and ziggy_567 opinions match mine for why I've never been interested in it - Combined with the fact that I think they are introducing way too many topics in the course and teach outdated tools in these previous versions (someone correct me if I'm wrong here).

I'm also interested about hearing the free seats, sounds like the course has been improved and the certification is respected by folks. Good info BillV - thanks!

- EC-Council has passed SANS/GIAC in the number of certified professionals worldwide (I wasn't given specific permission to share numbers and since EC-Council doesn't share these, neither will I here).

- Within a year of launching their academic course books they have formed 200 international partnerships

- - I don't have the date but they will be launching CAST - Center for Advanced Security Training - courses this year. These will be advanced technical trainings in areas where they have certifications (CEH,ECSA/LPT,CHFI) and some others. The instructors for these courses MUST be practitioners in the field and meet other requirements. There are no plans to have certifications for these courses at this time, they will be advanced technical trainings only.

-- EC-Council donated $1M to the UN last year to have distributed as needed for training. This year another $1M is being donated to academia.

- And, of course, there's CEH v7. This is going to include completely rebuilt courseware. To start, all of those boring looking slides have been removed. You will no longer see pages with slides with a box of text and a heading with more text below the slide. The text has been removed. The slides are now very graphical (example attached) - and they look good (and I hear they're trying to get the courseware in color rather than black/white). What about the tools? Yes, tools are still included but the courseware will only be discussing the top tools in each category. You won't have slide after slide of tools you'll never use. They'll still be included on the discs for self-study. The exam will be updated and, again this is speculation, I believe the objectives will be updated as well. They have spent more money producing this CEH version than any version in the past and they are taking it very seriously. Why do I believe the objectives will be updated? I sat in as a CEH SME during Hacker Halted with a representative from Prometric and other security professionals. We were tasked with developing question topics/categories - and new questions are being written from these so I can only guess that these will be the new objectives. You should not be seeing weird questions or questions that come from portions of the courseware not in the objectives.

What else could make CEH v7 great? How about getting a free seat in the initial roll-out? On March 14, 25 training centers worldwide will be conducting the first CEH v7 courses. EC-Council will be giving away 125 seats for these classes. Attendees will also receive a commemorative limited edition, metal, certificate of attendance. Global roll-out will be the following week, March 21.

:-)

BillV

Very interesting news...

As far as them passing up SANS, I am not surprised that has happened. I wonder though, that the C|EH is LESS valuable because of the plethora of folks picking up the cert. I wonder if it will become so ubiquitous that it will lose some of its elusiveness (similar to CISSP, IMO). That could have an additional effect of raising the bar for entry level infosec pros trying to cut their teeth because now it because the candidate pool will grow significantly. Just my opinion.CEH 7, I guess I will pick it up although that money is looking like it may be better spent on a new server or books or saving it. I don’t know. I won’t say I am in a rush to get a new job but I am always looking to beef up my resume/knowledge. I think that the CEH cert should be coupled with something like the elearnsecurity course to make you a “real” CEH. When I say real, I mean not a paper tiger. Again just my opinion. At any rate it looks like the CEH folks are making a killing, I just hope new material will be out by July when I am ready to take the exam.

Certs will always loose marketplace value due to the number of holders, a good employer wont pay attention to that, and instead will look for knowedge and experience. I too think that most CEH's will continue to back up their knowledge with practical certs, but I am wary of fully supporting the statement, they give prospective students a bad view of the certs.

@knwminus: I agree with both points - that too many holders may lower the value and that a practical would be a good thing. While the CEH is still meant to be an introductory/intermediate level certification, I would like to see the follow-on LPT have a practical.

Keep an eye on the EC-Council Website. They will be launching a 'Win a CEHv7 Seat' campaign soon.

This will include some sort of application portal that is expected to be available January 27 at 9am EST for 48 hours only.

Only 5 people will be selected for each of the 25 locations - 125 total.

This also means that paid seats will be available if you're interested. Unfortunately, I do not know which 25 training centers have been selected for this launch. I'd imagine this will be posted on the website.

The free seat in the class will also include a free copy of the v7 courseware.

For those of you going for a seat, good luck!

If anyone gets into the first week global rollout be sure to report back and let us know if it's as good as it sounds.

It's good that we have SANS, ISC2, EC-Council, Offensive-Security, eLearnSecurity, etc to offer us a broad variety of products. It is also obvious that everytime they release a new version of their course, it is improved and updated.

EC-Council has passed SANS/GIAC in the number of certified professionals worldwide (I wasn't given specific permission to share numbers and since EC-Council doesn't share these, neither will I here)

I personnaly think that EC-Council should either release their numbers or just don't talk about it. Offensive-Security don't talk about it either and it is good that way. To me, it's all out or all in. Otherwise, it looks a bit lame...

But if EC-Council has more CEH (which is certainly the vast majority of their certified professionals), good for them! They have found a good market. I am happy to be a CEH myself because people know about it now. Like CISSP, sometime, it's better to have a cert with many, many people has compare to say, GSE that people dont really know (I mean, HR people). GSE is a killer cert to have, but CEH may open more doors...

SephStorm wrote:Certs will always loose marketplace value due to the number of holders, a good employer wont pay attention to that, and instead will look for knowedge and experience. I too think that most CEH's will continue to back up their knowledge with practical certs, but I am wary of fully supporting the statement, they give prospective students a bad view of the certs.

I disagree, a good employer will absolutely know that and pay attention to it because in the end, they answer to their boss/shareholders and they want to keep their cost low. Do you think a CCIE would get paid as much if there were (all of a sudden) 10xs as many CCIEs? No. Do you think a CCNA would get paid the same amount if (all of a sudden) there were only 1/10th the amount of CCNAs? No. It is all about supply and demand. Companies know this and that's my point. Most of the jobs asking for SANS certs I have seen are in the 70-100 range for a reason. There are still relatively few certified pros out there. Whether that be because of the price of the difficultly of the material, they have managed to keep their numbers low. CEH has gone the other way, making it relatively easy to pick it up and increasing their numbers. More CEHs = Less money/jobs for CEHs. If your skills become less of a scarce, then your value decreases.

Again this is sort of an extremely comparison but just how their are CCNAs who don't know what a static route is, I am sure the day is coming of the CEH who don't know what NMAP is. Just my 0.02.

Also with all of that money they are making, they really need to overhaul their website. OMG lame lol

Last edited by knwminus on Tue Jan 25, 2011 9:07 am, edited 1 time in total.

Also, I have recently seen a job poster asking for a network pentester. They were looking for someone with... CISSP! Good employers would know what they are looking for, but that"s mainly true for someone who is looking at hirering.

But for a small company who don't have a clue about security but want someone to check if their infrastructure is secure, they don't know what to look for. They may have heard of CISSP or CEH, but they wouldn't know what OSCP or OSCE is. Sad but true...

So to me, the value is in having multiple certs. Some common ones (CISSP, CCNA and now CEH) and some quality ones (OSCP, OSCE, GPEN). But I mean CISSP, CCNA and CEH are not quality ones, but they are more entry level. That's why many people have them...